Fix off-by-one in memory management of PPK reading routine, which could cause

1-byte buffer overflow when reading .PPK files with long lines (>=128 bytes in header value -- probably only happened in practice in the comment field). [originally from svn r5427]
2025-04-10 23:58:06 -05:00 · 2005-03-01 23:48:45 +00:00 · 2005-03-01 23:48:45 +00:00 · ec76c24084
commit ec76c24084
parent d403e31233
1 changed files with 1 additions and 1 deletions
--- a/sshpubk.c
+++ b/sshpubk.c
@ -514,7 +514,7 @@ static char *read_body(FILE * fp)
 	    sfree(text);
 	    return NULL;
 	}
-	if (len + 1 > size) {
+	if (len + 1 >= size) {
 	    size += 128;
 	    text = sresize(text, size, char);
 	}